Configuring CentOS to to send logs to Nagios Log Server

Jan 23, 2015 • Jonathan Frappier

Now that Nagios Log Server is installed, it’s time to get some log files in there. I got myself all fired up ready to comb through page after page of documentation to figure out how to set it up… then those nice folks over at Nagios did this…

That’s right, if you click on Linux Source from the home screen, it gives you scripts to download and run to set it all up. They even pulled the IP address from the Nagios Log Server…it was like they wanted you to succeed in making this all work! It can’t be that easy right? Let’s try!

That was easy, no way there are actually logs showing up in Nagios Log Server though, right? Almost, SELinux was preventing log files from being shipped as you can see in the middle of the above screenshot. So…

In probably less than 5 minutes, you can have a fully functional Nagios Log Server, based on ELK, deployed and receiving log files from a remote source - that is damn impressive. Of course in this example we haven’t looked at which logs we are sending - maybe you only want specific log files being sent from Apache or Ansible for instance, but that is a finer art form that we can save for another blog post. Happy logging!

When I think of syslog servers, I tend to think of VMware Log Insight and Splunk on the commercial side, and SyslogNG or an ELK solution like the one Larry Smith has blogged about in the past. I’ve never thought of Nagios; turns out they have a logging solution of their own, and it leverages the ELK stack. For many deployments, Nagios Log Server will fall into the commercial category, there is a free version which supports a single instance of Log Server running and a maximum of 500MB logged in a day (according to http://logfilemonitoring.com/ which appears to be affiliated with Nagios.com). However, for SMBs who may only have a few servers, or to support a specific application, Nagios Log Server may do the trick. Only one way to find out right? Let’s get it installed!